strongswan.git
Andreas Steffen [Tue, 8 Jun 2010 15:50:22 +0000 (17:50 +0200)]
make an optional XAUTH user ID available in the updown script

Heiko Hund [Tue, 8 Jun 2010 10:15:42 +0000 (12:15 +0200)]
inherit XAUTH identities in Phase 2

Tobias Brunner [Mon, 7 Jun 2010 14:39:49 +0000 (16:39 +0200)]
Adding a basic unit test for hashtable_t.

Tobias Brunner [Mon, 7 Jun 2010 14:36:26 +0000 (16:36 +0200)]
Adding a remove_at method to the hash table.

This allows removing key-value pairs while enumerating them.

Tobias Brunner [Mon, 7 Jun 2010 13:50:41 +0000 (15:50 +0200)]
Migrated hashtable_t to INIT/METHOD macros.

Thomas Egerer [Sun, 6 Jun 2010 20:50:29 +0000 (22:50 +0200)]
Add extra information in debug output for IKE_SA check{out, in}

This output helps tracing checkout and checkin of IKE_SAs when there is
more than one IKE_SA with the same name. I also added the type of
in-air-exchange to the debug output issued by the task_manager in case
a task initiation is delayed, came in handy for me.

Martin Willi [Mon, 7 Jun 2010 13:06:09 +0000 (15:06 +0200)]
traffic_selector_t is gone into libstrongswan, migrate printf hook registration, too.

Martin Willi [Mon, 7 Jun 2010 12:59:39 +0000 (14:59 +0200)]
Flush auth configs, create new keymat during SA reset

Martin Willi [Mon, 7 Jun 2010 12:58:57 +0000 (14:58 +0200)]
Recreate IKE_INIT/IKE_NATD/IKE_VENDOR tasks if we reset SA during IKE_AUTH

Martin Willi [Mon, 7 Jun 2010 12:56:24 +0000 (14:56 +0200)]
Reacquire keymat from new IKE_SA during task migration

Martin Willi [Mon, 7 Jun 2010 11:51:18 +0000 (13:51 +0200)]
Flush certificate cache on CA delete

Martin Willi [Mon, 7 Jun 2010 09:59:37 +0000 (11:59 +0200)]
Log non-empty task queues in statusall

Martin Willi [Mon, 7 Jun 2010 09:37:55 +0000 (11:37 +0200)]
Wrap task enumerator in ike_sa

Martin Willi [Mon, 7 Jun 2010 09:30:27 +0000 (09:30 +0000)]
Migrated ike_sa_t to INIT/METHOD macros

Martin Willi [Mon, 7 Jun 2010 08:45:25 +0000 (10:45 +0200)]
Added support for task enumeration in task_manager_t

Martin Willi [Mon, 7 Jun 2010 08:37:00 +0000 (10:37 +0200)]
Migrated task_manager_t to INIT/METHOD macros

Andreas Steffen [Sat, 5 Jun 2010 11:49:01 +0000 (13:49 +0200)]
use --addattr

Andreas Steffen [Sat, 5 Jun 2010 11:47:23 +0000 (13:47 +0200)]
use --addattr

Andreas Steffen [Sat, 5 Jun 2010 11:42:28 +0000 (13:42 +0200)]
added ikev2/nat-virtual-ip scenario

Andreas Steffen [Sat, 5 Jun 2010 11:36:39 +0000 (13:36 +0200)]
remove stray carolReq.pem

Andreas Steffen [Sat, 5 Jun 2010 11:17:51 +0000 (13:17 +0200)]
share pool in ikev1/mode-config-multiple scenario

Andreas Steffen [Sat, 5 Jun 2010 11:15:03 +0000 (13:15 +0200)]
use --addattr

Andreas Steffen [Sat, 5 Jun 2010 11:10:39 +0000 (13:10 +0200)]
remove stray scenario files

Martin Willi [Wed, 2 Jun 2010 08:05:43 +0000 (10:05 +0200)]
Accept ARP requests with an ethernet trailer, but trim it

Martin Willi [Wed, 2 Jun 2010 13:55:58 +0000 (15:55 +0200)]
Added a EAP-SIM/AKA backend reading triplets/quintuplets from a SQL database

Andreas Steffen [Wed, 2 Jun 2010 09:51:53 +0000 (11:51 +0200)]
fixed configuration attribute type determination

Martin Willi [Wed, 2 Jun 2010 09:43:39 +0000 (11:43 +0200)]
Disable close action for a redundant CHILD_SA resulting from a rekey collision

If a rekey collision is detected, the winning peer of the nonce compare
will delete the redundant CHILD_SA. The other peer should not enforce the
close action on this CHILD, as it would reestablish the redundant CHILD_SA.
Thanks to Thomas Egerer from secunet for pointing this out and the initial
patchset.

Martin Willi [Wed, 2 Jun 2010 09:41:46 +0000 (11:41 +0200)]
Use wrapped getters for close/dpd action

Martin Willi [Wed, 2 Jun 2010 09:40:38 +0000 (11:40 +0200)]
Wrap getters for dpd/close action into CHILD_SA, allows us to override them

Andreas Steffen [Tue, 1 Jun 2010 14:47:56 +0000 (16:47 +0200)]
ipsec pool --statusattr [--hexout] outputs attribute values in correct format if known

Andreas Steffen [Mon, 31 May 2010 14:46:47 +0000 (16:46 +0200)]
added unity_def_domain keyword to ipsec pool

Martin Willi [Mon, 31 May 2010 11:41:25 +0000 (13:41 +0200)]
Added generated manpages to .gitignore

Martin Willi [Mon, 31 May 2010 11:14:36 +0000 (13:14 +0200)]
Changed default lifetime of certificates to 3 years

Martin Willi [Mon, 31 May 2010 11:12:46 +0000 (13:12 +0200)]
Support extendedKeyUsage flags in self-signed certificates

Tobias Brunner [Sun, 30 May 2010 11:07:32 +0000 (13:07 +0200)]
IPSEC_CONFDIR in ipsec script fixed.

Tobias Brunner [Sun, 30 May 2010 11:03:04 +0000 (13:03 +0200)]
Adding the version number to the most relevant manual pages.

Tobias Brunner [Sun, 30 May 2010 09:51:30 +0000 (11:51 +0200)]
Updated and corrected the ipsec.secrets(5) manual page.

Tobias Brunner [Sat, 29 May 2010 19:10:18 +0000 (21:10 +0200)]
Updated and corrected the ipsec.conf(5) manual page.

Tobias Brunner [Sat, 29 May 2010 15:34:00 +0000 (17:34 +0200)]
Updated and corrected the ipsec(8) manual page.

Andreas Steffen [Sat, 29 May 2010 11:29:23 +0000 (13:29 +0200)]
added --leases command line option to synopsis

Andreas Steffen [Sat, 29 May 2010 11:23:20 +0000 (13:23 +0200)]
added --showattr command line option to synopsis

Andreas Steffen [Sat, 29 May 2010 09:22:36 +0000 (11:22 +0200)]
added X.509 support by openssl plugin to NEWS

Andreas Steffen [Fri, 28 May 2010 21:22:15 +0000 (23:22 +0200)]
remove x509 plugin from openssl-ikev1 scenarios

Tobias Brunner [Fri, 28 May 2010 13:43:12 +0000 (15:43 +0200)]
Do not install trap policy if remote host is %any.

Andreas Steffen [Fri, 28 May 2010 13:07:09 +0000 (15:07 +0200)]
be lenient towards wrong attribute encodings

Martin Willi [Thu, 27 May 2010 13:04:25 +0000 (15:04 +0200)]
Send empty SIM/AKA-NOTIFICATION response for non-success codes, too

Martin Willi [Thu, 27 May 2010 07:30:14 +0000 (09:30 +0200)]
Added support for reading raw PUT/POST data from HTTP request

Martin Willi [Wed, 26 May 2010 14:09:50 +0000 (16:09 +0200)]
Unwrap subjectKeyIdentifier from OCTET_STRING

Andreas Steffen [Tue, 25 May 2010 13:49:58 +0000 (15:49 +0200)]
remove x509 plugin from remaining openssl-ikev2 scenarios

Andreas Steffen [Tue, 25 May 2010 13:26:46 +0000 (15:26 +0200)]
openssl-ikev2/rw-cert scenario doesn't need x509 plugin any more

Andreas Steffen [Sat, 22 May 2010 20:53:24 +0000 (22:53 +0200)]
several subnets can be concatenated

Andreas Steffen [Sat, 22 May 2010 08:46:15 +0000 (10:46 +0200)]
added --showattr command to usage()

Martin Willi [Fri, 21 May 2010 14:41:13 +0000 (16:41 +0200)]
Fixed compiler warning in invocation of crl_is_newer()

Martin Willi [Fri, 21 May 2010 14:38:19 +0000 (16:38 +0200)]
Use CAs subjectKeyIdentifier as CRLs authorityKeyIdentifier

Martin Willi [Fri, 21 May 2010 13:53:31 +0000 (15:53 +0200)]
Added a --signcrl command to the pki utility

Martin Willi [Fri, 21 May 2010 13:52:20 +0000 (15:52 +0200)]
Added support for CRL generation to x509 plugin

Martin Willi [Fri, 21 May 2010 07:53:23 +0000 (09:53 +0200)]
Removed is_newer() from certificate_t, obsoleting all implementations

Martin Willi [Fri, 21 May 2010 07:48:23 +0000 (09:48 +0200)]
Added generic implementations for crl_is_newer/certificate_is_newer

Martin Willi [Fri, 21 May 2010 07:18:27 +0000 (09:18 +0200)]
Migrated x509_crl_t to INIT/METHOD macros

Martin Willi [Thu, 20 May 2010 15:33:52 +0000 (17:33 +0200)]
Implemented X.509 CRL reading using OpenSSL

Martin Willi [Thu, 20 May 2010 08:09:04 +0000 (08:09 +0000)]
Implemented X.509 certificate reading using OpenSSL

Andreas Steffen [Thu, 20 May 2010 15:38:39 +0000 (17:38 +0200)]
oops, removed stray parenthesis

Martin Willi [Thu, 20 May 2010 11:22:13 +0000 (13:22 +0200)]
Fixed doxygen group

Martin Willi [Thu, 20 May 2010 07:44:59 +0000 (09:44 +0200)]
Whitelist OpenSSLs ERR_put_error() in leak-detective

As we do not invoke ERR_get/clear_error() in all error cases, the
error codes are not removed from the error queue. But it is safe
to whitelist the put function, as it uses a circular buffer that
does not grow beyond ERR_NUM_ERRORS errors (16 by default).

Martin Willi [Thu, 20 May 2010 07:41:47 +0000 (09:41 +0200)]
Added a --print command to pki that dumps different credentials

Martin Willi [Wed, 19 May 2010 13:22:12 +0000 (15:22 +0200)]
Option to skip slow addr2line resolution in leak-detective

Andreas Steffen [Thu, 20 May 2010 15:35:10 +0000 (17:35 +0200)]
range check for configuration attribute types

Andreas Steffen [Thu, 20 May 2010 15:24:43 +0000 (17:24 +0200)]
implement ipsec pool -showattr function

Andreas Steffen [Thu, 20 May 2010 14:30:15 +0000 (16:30 +0200)]
removed deprecated use of ipsec pool --attr|del dns|nbns from usage()

Tobias Brunner [Thu, 20 May 2010 10:01:12 +0000 (12:01 +0200)]
Only include C files that start with the plugin name when building for Android.

Andreas Steffen [Wed, 19 May 2010 19:53:55 +0000 (21:53 +0200)]
added ipsec pool attribute support to NEWS

Andreas Steffen [Wed, 19 May 2010 19:51:21 +0000 (21:51 +0200)]
management of any attribute by ipsec pool

Andreas Steffen [Wed, 19 May 2010 06:31:39 +0000 (08:31 +0200)]
updated ikev1/rw-cert scenario to support xauth integrity test

Andreas Steffen [Wed, 19 May 2010 06:02:22 +0000 (08:02 +0200)]
checksum_builder() needs the pluto symbol

Andreas Steffen [Tue, 18 May 2010 20:57:12 +0000 (22:57 +0200)]
updated ikev1/xauth-rsa-mode-config scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 20:56:42 +0000 (22:56 +0200)]
updated ikev1/xauth-psk-mode-config scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 20:48:37 +0000 (22:48 +0200)]
updated ikev1/xauth-psk-mode-config scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 20:41:22 +0000 (22:41 +0200)]
register virtual IPs under the XAUTH identity

Andreas Steffen [Tue, 18 May 2010 18:20:55 +0000 (20:20 +0200)]
updated ikev1/xauth-rsa-nosecret scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 18:04:52 +0000 (20:04 +0200)]
created ikev1/xauth-id-psk scenario

Andreas Steffen [Tue, 18 May 2010 18:04:02 +0000 (20:04 +0200)]
updated ikev1/xauth-psk scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 14:54:20 +0000 (16:54 +0200)]
clarified secret loading debug output

Andreas Steffen [Tue, 18 May 2010 14:53:34 +0000 (16:53 +0200)]
updated ikev1/xauth-rsa-fail scenario to xauth plugin

Andreas Steffen [Tue, 18 May 2010 14:53:00 +0000 (16:53 +0200)]
created ikev1/xauth-id-rsa scenario using XAUTH identities

Andreas Steffen [Tue, 18 May 2010 14:52:12 +0000 (16:52 +0200)]
updated ikev1/xauth-rsa scenario to xauth plugin

Tobias Brunner [Tue, 18 May 2010 11:59:23 +0000 (13:59 +0200)]
Typo fixed.

Andreas Steffen [Tue, 18 May 2010 11:51:15 +0000 (13:51 +0200)]
implemented xauth as a pluto plugin

Martin Willi [Tue, 18 May 2010 10:21:38 +0000 (12:21 +0200)]
Handle collisions between rekey and the following delete properly

Martin Willi [Tue, 18 May 2010 10:21:05 +0000 (12:21 +0200)]
Added simple conditional packet receive delay

Martin Willi [Tue, 18 May 2010 10:20:32 +0000 (12:20 +0200)]
Added simple conditional packet send delay

Martin Willi [Mon, 17 May 2010 10:36:30 +0000 (12:36 +0200)]
Explicitly link gpg-error to gcrypt plugin

Martin Willi [Mon, 17 May 2010 09:08:13 +0000 (11:08 +0200)]
Link to libgpg-error to resolve additional symbols when testing for libgcrypt

Andreas Steffen [Sat, 15 May 2010 16:52:59 +0000 (18:52 +0200)]
it's too late on Saturday evening

Andreas Steffen [Sat, 15 May 2010 16:48:35 +0000 (18:48 +0200)]
roll back some changes

Andreas Steffen [Sat, 15 May 2010 16:36:14 +0000 (18:36 +0200)]
encoding of MODE_TUNNEL changed

Andreas Steffen [Sat, 15 May 2010 15:03:04 +0000 (17:03 +0200)]
the keyid is a subjectKeyIdentifier

Andreas Steffen [Sat, 15 May 2010 14:55:08 +0000 (16:55 +0200)]
fixed keyids in sql/rw-psk-rsa-split scenario

Andreas Steffen [Sat, 15 May 2010 14:44:53 +0000 (16:44 +0200)]
fixed keyids in sql/rw-eap-aka-rsa scenario

Andreas Steffen [Sat, 15 May 2010 14:34:50 +0000 (16:34 +0200)]
fixed keyids in sql/rw-cert scenario

Andreas Steffen [Sat, 15 May 2010 14:20:34 +0000 (16:20 +0200)]
fixed keyids in sql/net2net-cert scenario